authorThomas Gerbet <thomas@gerbet.me>2022-10-08 10:22:42 +0200
committerThomas Gerbet <thomas@gerbet.me>2022-10-08 19:58:11 +0200
commit679cd3462fab51ba0534532d5a28b96659cc8b63 (patch)
tree7aa2e05cd607244436bc1ab0ab097f6c79f58c55
parentb078ae79375573c7af1f7952db3eae5e337e6572 (diff)
sget: init at unstable-2022-10-04
This binary was provided by the `cosign` package until now but it is in
the process of being removed, see https://github.com/sigstore/cosign/pull/2019

Since it might be removed during the 22.11 cycle, we drop it
preemptively. This will make any security backports easier if we
need them.
-rw-r--r--nixos/doc/manual/from_md/release-notes/rl-2211.section.xml4
-rw-r--r--nixos/doc/manual/release-notes/rl-2211.section.md2
-rw-r--r--pkgs/tools/security/cosign/default.nix5
-rw-r--r--pkgs/tools/security/sget/default.nix33
-rw-r--r--pkgs/top-level/all-packages.nix2
5 files changed, 39 insertions, 7 deletions
diff --git a/nixos/doc/manual/from_md/release-notes/rl-2211.section.xml b/nixos/doc/manual/from_md/release-notes/rl-2211.section.xml
index 78bd6c6a22d84..177af1d2afa35 100644
--- a/nixos/doc/manual/from_md/release-notes/rl-2211.section.xml
+++ b/nixos/doc/manual/from_md/release-notes/rl-2211.section.xml
@@ -501,7 +501,9 @@
       <listitem>
         <para>
           <literal>pkgs.cosign</literal> does not provide the
-          <literal>cosigned</literal> binary anymore.
+          <literal>cosigned</literal> binary anymore. The
+          <literal>sget</literal> binary has been moved into its own
+          package.
         </para>
       </listitem>
       <listitem>
diff --git a/nixos/doc/manual/release-notes/rl-2211.section.md b/nixos/doc/manual/release-notes/rl-2211.section.md
index 37b0db8a8ce10..d0376b67c982a 100644
--- a/nixos/doc/manual/release-notes/rl-2211.section.md
+++ b/nixos/doc/manual/release-notes/rl-2211.section.md
@@ -169,7 +169,7 @@ Available as [services.patroni](options.html#opt-services.patroni.enable).
 - PHP 7.4 is no longer supported due to upstream not supporting this
   version for the entire lifecycle of the 22.11 release.
 
-- `pkgs.cosign` does not provide the `cosigned` binary anymore.
+- `pkgs.cosign` does not provide the `cosigned` binary anymore. The `sget` binary has been moved into its own package.
 
 - Emacs now uses the Lucid toolkit by default instead of GTK because of stability and compatibility issues.
   Users who still wish to remain using GTK can do so by using `emacs-gtk`.
diff --git a/pkgs/tools/security/cosign/default.nix b/pkgs/tools/security/cosign/default.nix
index f64237b82540e..6cfd46954e328 100644
--- a/pkgs/tools/security/cosign/default.nix
+++ b/pkgs/tools/security/cosign/default.nix
@@ -20,7 +20,6 @@ buildGoModule rec {
 
   subPackages = [
     "cmd/cosign"
-    "cmd/sget"
   ];
 
   tags = [] ++ lib.optionals pivKeySupport [ "pivkey" ] ++ lib.optionals pkcs11Support [ "pkcs11key" ];
@@ -45,10 +44,6 @@ buildGoModule rec {
       --bash <($out/bin/cosign completion bash) \
       --fish <($out/bin/cosign completion fish) \
       --zsh <($out/bin/cosign completion zsh)
-    installShellCompletion --cmd sget \
-      --bash <($out/bin/sget completion bash) \
-      --fish <($out/bin/sget completion fish) \
-      --zsh <($out/bin/sget completion zsh)
   '';
 
   meta = with lib; {
diff --git a/pkgs/tools/security/sget/default.nix b/pkgs/tools/security/sget/default.nix
new file mode 100644
index 0000000000000..ef59b5db33418
--- /dev/null
+++ b/pkgs/tools/security/sget/default.nix
@@ -0,0 +1,33 @@
+{ stdenv, lib, buildGoModule, fetchFromGitHub, installShellFiles }:
+
+buildGoModule rec {
+  pname = "sget";
+  version = "unstable-2022-10-04";
+
+  src = fetchFromGitHub {
+    owner = "sigstore";
+    repo = pname;
+    rev = "d7d1e53b21ca906000e74474729854cb5ac48dbc";
+    sha256 = "sha256-BgxTlLmtKqtDq3HgLoH+j0vBrpRujmL9Wr8F4d+jPi0=";
+  };
+
+  nativeBuildInputs = [ installShellFiles ];
+
+  vendorSha256 = "sha256-KPQHS7Hfco1ljOJgStIXMaol7j4dglcr0w+6Boj7GK8=";
+
+  ldflags = [ "-s" "-w" ];
+
+  postInstall = ''
+    installShellCompletion --cmd sget \
+      --bash <($out/bin/sget completion bash) \
+      --fish <($out/bin/sget completion fish) \
+      --zsh <($out/bin/sget completion zsh)
+  '';
+
+  meta = with lib; {
+    homepage = "https://github.com/sigstore/sget";
+    description = "Command for safer, automatic verification of signatures and integration with Sigstore's binary transparency log, Rekor";
+    license = licenses.asl20;
+    maintainers = with maintainers; [ lesuisse ];
+  };
+}
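Review bot: `postInstall` runs the freshly built `$out/bin/sget` to generate the shell completions, which only works when the build machine can execute binaries for the host platform, so a cross build would presumably fail at this step. The `stdenv` argument is accepted on the first line of the file but never used, so it could carry the guard: `postInstall = lib.optionalString (stdenv.buildPlatform.canExecute stdenv.hostPlatform) ''`. If the guard is not wanted, `stdenv` should be dropped from the argument list instead. Separately, a one-line comment above `rev`, for example `# no upstream release tag yet, tracking a pinned commit`, would tell whoever handles a later security backport why the version is `unstable-2022-10-04`; this assumes the sget repository had no release tag at that date, which the page does not show.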
diff --git a/pkgs/top-level/all-packages.nix b/pkgs/top-level/all-packages.nix
index 33ca400bbb815..a5ad554e9c7a6 100644
--- a/pkgs/top-level/all-packages.nix
+++ b/pkgs/top-level/all-packages.nix
@@ -11059,6 +11059,8 @@ with pkgs;
 
   sg3_utils = callPackage ../tools/system/sg3_utils { };
 
+  sget = callPackage ../tools/security/sget { };
+
   sha1collisiondetection = callPackage ../tools/security/sha1collisiondetection { };
 
   shadowsocks-libev = callPackage ../tools/networking/shadowsocks-libev { };